HOPE - HOPE Number Nine Video
HOPE Number Nine (2012)
Producer: 2600 The Hacker Quarterly
Audio/Visual: sound, color
Hackers on Planet Earth
Advanced Handcuff Hacking
Handcuffs always have been a special kind of challenge to lockpickers. This talk will cover advanced manipulation techniques including improvised tools, hidden and 3D-printed keys, and exploiting design weaknesses of various handcuff models. Also, the newest handcuffs produced in the United States and Europe will be shown and explained, some of which haven’t even been introduced to police forces yet.
Building Radios to Talk to the Dead
Apophenia is the human ability to perceive patterns and meaning in completely random data sets. The effect is often explored by “ghost hunters” who use electronic tools to find patterns in the environment around us and exploit them as a way to communicate with spirits of the deceased. This discussion will cover the radio-based and electromagnetic technology commonly used for the reception of EVP or “Electronic Voice Phenomena.” These devices are often modified radios or home constructed circuits which follow a mixture of basic engineering, empirical results, metaphysical concepts, and, in some cases, pure hucksterism. This talk will look at several of these devices, their underlying circuits, their design philosophy, and the culture that surrounds them.
Cryptome Tracks the NYPD Ring of Steel
Deborah Natsios, John Young
Cryptome’s digital multimedia presentation of original cartography, animations, video, and architectural documentation will explore the urban implications of the NYPD One Police Plaza Security Plan - a.k.a. Ring of Steel - which locked down Lower Manhattan after 9/11, transforming its Civic Center into a threatscape centered on NYPD headquarters. With its militarized jurisdiction mobilizing through technologies of command, control, communications, intelligence, surveillance, and reconnaissance, the Ring of Steel has declared itself an iconic public space for our time.
Declassifying Government and Undermining a Culture of Insecurity
It is critically important to obtain and publicize declassified government intelligence documents in order to demystify official narratives of domestic security. Over the last decade, Ivan received about 60 FBI files by using the Freedom of Information Act and by initiating a lawsuit, while writing two books on civil liberties and surveillance. He will discuss his experiences getting government documents and show how new information about surveillance practices can help the American people make better informed judgments about how surveillance systems are developed and deployed. Is it possible for popular democratic participation in the operation of surveillance systems? Whose security is really at stake? How can we counter the creation of a top-down, official “culture of insecurity?”
Designing Free Hardware: Scratching Your Own Itch with a Soldering Iron
Matthew O’Gorman, Tim Heath
So you have played with free and open source software? Time for things to get real. Learn how to go from a simple idea like “I need some electronic dice” or “wouldn’t it be insanely great if I could control my TV from my phone” to a simple breadboard prototype, on to a custom schematic and then laid out in PCB, sending your Gerber files to China for fabrication, and then carefully soldering it together to scream “it’s alive” as your LED glows brightly for the first time.
Eric Davisson aka XlogicX
Encryption makes information secret, steganography hides the information in plain sight. We fancy hiding it in a “pile” that most people would avoid. This talk explores hiding steganography in mediums such as archive exploders, file carving exploders, and virus files. There will be a release of the open source tools eZIPlode/asour, magicbomb/-asour and hivasour/hivsneeze.
HIDIOUS Methods of Keystroke Injection
It’s amazing what can be accomplished with just a few keystrokes. Changing user passwords, formatting disks, and scanning a network are each one command away in most modern operating systems. What if you had two minutes of access on a system? Is this enough time to accomplish information gathering or exploitation on even the most hardened system? It just might be. Through a combination of software and hardware, hundreds of keystrokes a minute can be flawlessly injected into any computer to gain control of system resources. The HIDIOUS (HID Injection Over USB Suite) allows for easy configuration of keyboard/mouse injection attacks through USB.
I’m Not a Real Friend, But I Play One on the Internet
This talk examines the topic of socialbots - realistic, automated bot identities online that are optimized to reliably elicit certain types of social behaviors in groups of users on platforms like Facebook and Twitter. Deployed en masse, large swarms of these bots are able to subtly (and not-so-subtly) shape the ways in which communities grow, connect, and behave on these platforms. Insofar as people increasingly come to rely on these networks into the future, the bots hold the promise (and threat) of shaping not only the social universe of opinions and influence, but real world coordination and action among people as well. Ultimately, this talk will conclude by discussing how these bots suggest the evolution of classic social engineering into a broader social hacking - which approaches human networks as if they were computer networks and applies similar principles for their compromise and defense against the social influence of third parties.
Keynote Address - The Yes Men
The Yes Men
Phone Phreak Confidential: The Backstory of the History of Phone Phreaking
Five years in the making, Phil has finally finished Phone Phreaks, his book on the history of phone phreaking from the 1950s to the 1980s. In this talk, he will weave together the evolution of phone phreaking with the backstory of the writing of his book. From giving John “Cap’n Crunch” Draper a piggyback ride around his apartment in order to secure an interview to cleaning out Joybubbles’s apartment after his untimely demise, Phil’s research took him through the maze of twisty little passages that wind through the history of this underground hobby. Some of the characters you’ll meet include the phone phreak CEO of an electronic warfare company, a cell of Stony Brook students busted for blue boxing, and the mysterious and cantankerous head of the International Society of Telephone Enthusiasts. You’ll also get a behind the scenes tour of the NSA and FBI’s phone phreak files and the 400 Freedom of Information Act requests necessary to get them into the light of day.
Privacy Tricks for Activist Web Developers
Do you care about the privacy of your website’s visitors, but also depend on social media to get your message out? Do you want to protect your visitors’ anonymity in case you or a third party service you use gets subpoenaed? Do you want to be able to get meaningful and pretty analytics without third parties tracking your visitors? Can some kid in a coffee shop really hijack your users’ accounts that easily?
Chances are Google, Facebook, and Twitter know as much about your website’s visitors as you do, IP addresses and user agents are sprinkled about your server’s filesystem, Google Analytics is watching everyone’s every move, and some kid in a coffee shop is already pwning your users. But it doesn’t have to be this way! This technical talk will cover tricks that web developers and sysadmins can use to minimize the privacy problems that plague the modern web.
Pwn the Drones: A Survey of UAV Hacks and Exploits
Trevor Timm, Parker Higgins
Drones are no longer a scary possible future of surveillance and remote force - they’re here. Internationally, drones are being deployed for military action and observation. At home, police departments, border patrols, and others are acquiring UAVs and developing programs to fly them; there’s even talk about adding “less lethal” arms to these domestic drones. Think Tasers and rubber bullets shot from the sky. But a series of alarming events over the past few years have demonstrated that many of these unmanned vehicles are dangerously vulnerable to exploits, leading to intercepted data, flight failures, and even remote takeovers. In this talk, Parker and Trevor will explain the privacy and security implications of some of the most sensational drone exploits and the weaknesses that enabled them. They’ll also go over the work of communities and individuals that have been hacking drones from scratch, and what their efforts mean for our future understanding and regulation of drones.
Emmanuel Goldstein and friends
Since the very first HOPE conference in 1994, the social engineering panel has been a huge draw. We basically round up a bunch of people who like to play on the phone, tell some stories, and make live calls to strangers who wind up telling us things they really shouldn’t in front of a huge crowd of people who are trying very hard not to make any noise. It’s all a lesson on how insecure information really is, and how you can avoid making the same mistakes that some unsuspecting person someplace will inevitably make when this panel randomly calls them.
The Autism Spectrum and You
Mary Robison, Alex Plank, Jack Robison, Kirsten Lindsmith
As a kid, were you considered precocious? Considered eccentric (or just plain weird) by other kids? Have you ever thought that your sensory perceptions are different from other people? Were you (are you still) the “little professor,” intent on teaching everyone about your unique interest(s)? Do you possess unusual interests? Were you bullied? Did you (do you still) live in your own world with restricted interests? As a child, did you accumulate facts but not really understand them? Do you often assume a literal meaning for metaphorical or ambiguous language? Do you make naive or embarrassing remarks with surprising frequency? Do you often fail to comprehend unspoken modes of communication? Have special routines that cannot be altered? Have unusual facial expressions, vocalizations, or posture? Are you, in fact, bewildered by proper behavior? Are you “face-blind” - unable to remember what the people you encounter every day look like, or to recognize them when you encounter them? If you answer many or just some of these questions affirmatively, congratulations! You, like many of your fellow attendees at HOPE, may have an alternate configuration for the wiring of your brain, now called an Autism Spectrum Disorder (it used to be called Asperger’s Syndrome). At HOPE, we’re the majority; neurotypicals are the rest of the world that do not understand us and may even be afraid of us. Most on the spectrum are male, but there are a lot of females flying under the radar. This panel will discuss the spectrum and how we fit on it, and how we interact with the world at large.
The Internet is for Porn! How High Heels and Fishnet Have Driven Internet Innovation and Information Security
Chris Kubecka, Jarett Kulm
A dark and seedy journey to explain the real driver behind Internet innovation: porn. How an economy built on the ultimate satisfaction just a click away has driven technological advances. Racy browsing habits involving our innermost secrets, vulnerable parties, and criminal syndicates have driven malicious code and subsequent security advances. Broad ranging censorship involving much more than pornography has been the end result in attempts to rein in such “unhealthy” habits by well-intentioned governments and organizations. This talk will include a timeline of pornography on the Internet, related security threats, an overview of industry economics (legal and ~illegal), and related censorship. Audience discussion and participation is welcome, but please, no BYOP.
The State of HTTPS
Over the past couple of years, a flurry of developments and events have been happening in the world of HTTPS: from BEAST to HSTS to public key pinning and mixed scripting. Some of these are of abstract interest to technical users, and some require action on the part of webmasters. This talk will cover the broad brush strokes of these developments with a focus on how webmasters can take advantage of them and how to avoid silly configuration mistakes. In the latter part of the talk, a few expected future developments will be covered.